anaconda_gitpython_GHSA-2mqj-m65w-jghx patch vulnerability (#990)

gauravsaini04 · web-flow · commit fb5ddfac7bc5 · 2024-03-07T15:28:02.000-08:00
diff --git a/src/anaconda/.devcontainer/Dockerfile b/src/anaconda/.devcontainer/Dockerfile
@@ -37,7 +37,9 @@ RUN python3 -m pip install --upgrade \
     # https://github.com/advisories/GHSA-5h86-8mv2-jq9f
     aiohttp==3.9.2 \
     # https://github.com/advisories/GHSA-6vqw-3v5j-54x4
-    cryptography==42.0.4
+    cryptography==42.0.4 \
+    # https://github.com/advisories/GHSA-2mqj-m65w-jghx
+    gitpython==3.1.41
 
 # Reset and copy updated files with updated privs to keep image size down
 FROM mcr.microsoft.com/devcontainers/base:1-bullseye
diff --git a/src/anaconda/test-project/test.sh b/src/anaconda/test-project/test.sh
@@ -49,6 +49,7 @@ checkPythonPackageVersion "tornado" "6.3.3"
 checkPythonPackageVersion "pyarrow" "14.0.1"
 checkPythonPackageVersion "pillow" "10.2.0"
 checkPythonPackageVersion "jupyterlab" "4.0.11"
+checkPythonPackageVersion "gitpython" "3.1.41"
 
 checkCondaPackageVersion "pyopenssl" "23.2.0"
 checkCondaPackageVersion "requests" "2.31.0"
